Clarke said during an interview with the Smithsonian. “Every major company in the United States has already been penetrated by China. My greatest fear is that, rather than having a cyber-Pearl Harbor event, we will instead have this death of a thousand cuts. Where we lose our competitiveness by having all of our research and development stolen by the Chinese.

“The U.S. government is involved in espionage against other governments,” he says flatly. “There’s a big difference, however, between the kind of cyberespionage the United States government does and China. The U.S. government doesn’t hack its way into Airbus and give Airbus the secrets to Boeing [many believe that Chinese hackers gave Boeing secrets to Airbus]. We don’t hack our way into a Chinese computer company like Huawei and provide the secrets of Huawei technology to their American competitor Cisco. We don’t do that.”

Specifically, the advisory committee endorsed industry-based recommendations in each of these three areas,

Anti-Bot Code of Conduct — To reduce the threat of botnets in residential networks, CSRIC recommended a voluntary U.S. Anti-Bot Code of Conduct for Internet Service Providers (Anti-Bot Code). Under the Anti-Bot Code, ISPs agree to educate consumers about the botnet threat, take steps to detect botnet activity on their networks, make consumers aware of botnet infections on their computers, offer assistance to consumers whose computers are infected and collaborate with other service providers that have also adopted the Anti-Bot Code.

DNS Best Practices — CSRIC recommended that ISPs implement best practices to better secure the Domain Name System by using DNSSEC, a set of secure protocol extensions that prevent such fraudulent activity. This recommendation is a significant first step toward full DNSSEC implementation by ISPs and will allow users, with software applications like browsers, to validate that the destination they are trying to reach is authentic and not a spoofed website.

IP Route Hijacking Industry Framework — CSRIC recommended an industry framework to prevent Internet route hijacking, which is the erroneous routing of Internet traffic through potentially untrustworthy networks. CSRIC recommended that ISPs work to implement new technologies and practices to reduce the number of these events, thereby ensuring that users in the U.S. can be more confident that their Internet traffic will not be exposed to scrutiny by other networks, foreign or domestic, through misrouting.